I have tried to use the decoder and also the local_rules.xml, but I cannot figure it out. I am trying to parse a log file that has the information stored on different lines. It would read like:

** [2007-08-31 18:37:09] Data More data More data Blah Blah ***

I am trying to include all 4 log lines in the data field. Is that possible? I know you can do it with grep, but is there a way to do it in OSSEC?

Xen
